B 2698 L.N. 372 of 2017 PREVENTION OF MONEY LAUNDERING ACT (CAP. 373) Prevention of Money Laundering and Funding of Terrorism Regulations, 2017 IN exercise of the powers conferred by article 12 of the Prevention of Money Laundering Act, the Minister for Finance has made the following regulations:- Title, scope and commencement. 1. (1) The title of these regulations is the Prevention of Money Laundering and Funding of Terrorism Regulations, 2017. (2) These regulations shall come into force on the 1st January, 2018. (3) The objective of these regulations is to implement the provisions of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing. Interpretation and application. Cap. 373. 2. (1) In these regulations, unless the context otherwise requires - "the Act" means the Prevention of Money Laundering Act; "beneficial owner" means any natural person or persons who ultimately own or control the customer and, or the natural person or persons on whose behalf a transaction or activity is being conducted, and: (a) in the case of a body corporate or a body of persons, the beneficial owner shall consist of any natural person or persons who ultimately own or control that body corporate or body of persons through direct or indirect ownership of twentyfive per centum (25%) plus one (1) or more of the shares or more than twenty-five per centum (25%) of the voting rights or an ownership interest of more than twenty-five per centum (25%) in that body corporate or body of persons, including through bearer share holdings, or through control via other means, other than a company that is listed on a regulated market which is subject to disclosure requirements consistent with European Union law or equivalent international standards which ensure adequate transparency of ownership information:
B 2699 Provided that a shareholding of twenty-five per centum (25%) plus one (1) share or more, or the holding of an ownership interest or voting rights of more than twenty-five per centum (25%) in the customer shall be an indication of direct ownership when held directly by a natural person, and of indirect ownership when held by one or more bodies corporate or body of persons or through a trust or a similar legal arrangement, or a combination thereof: Provided further that if, after having exhausted all possible means and provided there are no grounds of suspicion, no beneficial owner in terms of this paragraph has been identified, subject persons shall consider the natural person or persons who hold the position of senior managing official or officials to be the beneficial owners, and shall keep a record of the actions taken to identify the beneficial owner in terms of this paragraph. (b) consist of: in the case of trusts the beneficial owner shall (i) (ii) the settlor; the trustee or trustees; (iii) the protector, where applicable; (iv) the beneficiaries or the class of beneficiaries as may be applicable; and (v) any other natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means; (c) in the case of legal entities such as foundations, and legal arrangements similar to trusts, the beneficial owner shall consist of the natural person or persons holding equivalent or similar positions to those referred to in paragraph (b); ''business relationship'' means a business, professional or commercial relationship between two or more persons, at least one of which is acting in the course of either relevant financial business or relevant activity, and which has, or is expected to have at the time when the contact is established, an element of duration; ''casino'' has the same meaning as is assigned to the term by article 2 of the Gaming Act and ''casino licensee'' in these regulations shall be construed accordingly; Cap. 400
B 2700 Cap. 370 Cap. 386 ''collective investment scheme'', and ''units'' have the same meanings as are assigned to these terms respectively in the Investment Services Act; ''company'' has the same meaning as is assigned to the term in the Companies Act; "competent authority" means: (a) any supervisory authority; (b) the Comptroller of Customs when carrying out duties under any regulation that may be issued or are in force from time to time relating to the cross-border movement of cash and other financial instruments; (c) (d) (e) the Commissioner for Revenue; the Security Service; and the Sanctions Monitoring Board; "correspondent relationship" means: (a) the provision of banking services by one bank as the correspondent to another bank as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable-through accounts and foreign exchange services; (b) the relationship between and among institutions carrying out relevant financial business and activities equivalent thereto, including where similar services to those under paragraph (a) are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or funds transfers; ''criminal activity'' has the same meaning as is assigned to the term in the Act; "customer" means a legal or natural person who seeks to form, or who has formed a business relationship, or seeks to carry out an occasional transaction with a person who is acting in the course of either relevant financial business or relevant activity; Cap. 376 "electronic money" has the same meaning as is assigned to the term in the Financial Institutions Act;
B 2701 "European Supervisory Authorities" has the same meaning as is assigned to the term in the Act; ''Financial Intelligence Analysis Unit'' has the same meaning as is assigned to the term in the Act; ''funding of terrorism'' means the conduct described in articles 328F and 328I both inclusive, of the Criminal Code; "gaming licensee" means any person authorised in terms of the Lotteries and Other Games Act to provide a gaming service; "gaming service" means making a game available for participation by players, and "game" shall have the same meaning as is assigned to the term in the Lotteries and other Games Act; ''group'' has the same meaning as is assigned to the term in the Companies Act; "long term insurance business" means the business of insurance of any of the classes specified in the Second Schedule to the Insurance Business Act; Cap. 9 Cap. 438 Cap. 438 Cap. 386 Cap. 403 "management body" means the board of directors or, where there is no board of directors, the body having equivalent powers and functions; "Member State" has the same meaning as is assigned to the term in the Act; ''money laundering'' has the same meaning as is assigned to the term in the Act; ''non-reputable jurisdiction'' means any jurisdiction having deficiencies in its national anti-money laundering and counter funding of terrorism regime or having inappropriate and ineffective measures for the prevention of money laundering and the funding of terrorism, taking into account any accreditation, declaration, public statement or report issued by an international organisation which lays down internationally accepted standards for the prevention of money laundering and for combating the funding of terrorism or which monitors adherence thereto, or is a jurisdiction identified by the European Commission in accordance with Article 9 of Directive (EU) 2015/849; ''occasional transaction'' means any transaction or service carried out or provided by a subject person for his customer, other than a transaction or service carried out or provided within a business
B 2702 relationship, and includes the following: (a) a transaction amounting to fifteen thousand euro ( 15,000) or more, carried out in a single operation or in several operations which appear to be linked; (b) a transfer of funds as defined under Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015, which exceeds one thousand euro ( 1,000) in a single operation or in several operations which appear to be linked; (c) a transaction in cash amounting to ten thousand euro ( 10,000) or more, carried out by a natural or legal person trading in goods in a single operation or in several operations which appear to be linked; (d) a transaction amounting to two thousand euro ( 2,000) or more, carried out by gaming or casino licensees in a single operation or in several operations which appear to be linked; (e) the provision of tax advice; and (f) the formation of a company, trust, foundation or a similar structure. "politically exposed persons" means natural persons who are or have been entrusted with prominent public functions, other than middle ranking or more junior officials. For the purposes of this definition the term "natural persons who are or have been entrusted with prominent public functions" includes the following: (a) Heads of State, Heads of Government, Ministers, Deputy or Assistant Ministers, and Parliamentary Secretaries; (b) bodies; (c) parties; Members of Parliament or similar legislative Members of the governing bodies of political (d) Members of superior, supreme, and constitutional courts or of other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances; (e) Members of courts of auditors or of the boards of
B 2703 central banks; (f) Ambassadors, charges d affaires and high ranking officers in the armed forces; (g) Members of the administrative, management or supervisory boards of State-owned enterprises; (h) Anyone exercising a function equivalent to those set out in paragraphs (a) to (f) within an institution of the European Union or any other international body; ''relevant activity'' means the activity of the following legal or natural persons when acting in the exercise of their professional activities: (a) auditors, external accountants and tax advisors, including when acting as provided for in paragraph (c); (b) real estate agents; (c) notaries and other independent legal professionals when they participate, whether by acting on behalf of and for their client in any financial or real estate transaction or by assisting in the planning or carrying out of transactions for their clients concerning the (i) buying and selling of real property or business entities; (ii) managing of client money, securities or other assets, unless the activity is undertaken under a licence issued under the provisions of the Investment Services Act; Cap. 370 (iii) opening or management of bank, savings or securities accounts; (iv) organisation of contributions necessary for the creation, operation or management of companies; (v) creation, operation or management of companies, trusts, foundations or similar structures, or when acting as a trust or company service provider; (d) trust and company service providers; (e) nominee companies holding a warrant under the Malta Financial Services Authority Act and acting in relation to Cap. 330
B 2704 dissolved companies registered under the said Act; (f) (g) casino licensees; gaming licensees; and (h) any natural or legal person trading in goods, but only where a transaction involves payment in cash in an amount equal to ten thousand euro ( 10,000) or more whether the transaction is carried out in a single operation or in several operations which appear to be linked; ''relevant financial business'' means Cap. 371 Cap. 376 Cap. 403 Cap. 487 S.L. 403.11 S.L. 386. 10 S.L. 386.13 (a) any business of banking carried on by a person or institution who is for the time being licensed, or required to be licensed, under the provisions of the Banking Act; (b) any activity of a financial institution carried on by a person or institution who is for the time being licensed, or required to be licensed, under the provisions of the Financial Institutions Act; (c) any long term insurance business other than business of reinsurance carried on by a person or institution who is for the time being authorised, or required to be authorised, under the provisions of the Insurance Business Act; (d) any insurance intermediary activities carried out by an insurance intermediary or by a tied insurance intermediary related to long-term insurance business which person or institution is enrolled or required to be enrolled under the provisions of the Insurance Intermediaries Act, other than a natural person who is registered or enrolled and acts on behalf of a tied insurance intermediary or a person or institution enrolled as a tied insurance intermediary that does not collect premiums, or other amounts intended for the policyholder or the beneficiary; (e) any long term insurance business other than business of reinsurance carried on by a person in accordance with the Insurance Business (Captive Insurance Undertakings and Captive Reinsurance Undertakings) Regulations, by a cell company in accordance with the provisions of the Companies Act (Cell Companies Carrying on Business of Insurance) Regulations or by an incorporated cell company and an incorporated cell in accordance with the provisions of the Companies Act (Incorporated Cell Companies Carrying on
B 2705 Business of Insurance) Regulations; (f) investment services carried on by a person or institution licensed or required to be licensed under the provisions of the Investment Services Act; (g) administration services to collective investment schemes provided by a person or institution recognised or required to be recognised under the provisions of the Investment Services Act other than administration services provided by recognised incorporated cell companies in accordance with the Companies Act (Recognised Incorporated Cell Companies) Regulations; (h) a collective investment scheme marketing its units or shares, licensed, recognised or notified, or required to be licensed, recognised or notified, under the provisions of the Investment Services Act; (i) any activity other than that of a retirement scheme or a retirement fund, carried on in relation to a retirement scheme, by a person or institution licensed or required to be licensed under the provisions of the Retirement Pensions Act and for the purpose of this paragraph, ''retirement scheme'' and ''retirement fund'' shall have the same meaning as is assigned to them in the Retirement Pension Act; (j) any activity of a regulated market and that of a central securities depository authorised or required to be authorised under the provisions of the Financial Markets Act; Cap. 370 Cap. 370 S.L. 386.15 Cap. 370 Cap. 514 Cap. 345 (k) safe custody services provided by any person or institution not covered under paragraph (a) or (f); (l) any activity under paragraphs (a) to (k) carried out by branches established in Malta and whose head offices are situated outside Malta; "senior management" means an officer or employee with sufficient knowledge of the subject person's money laundering and terrorist financing risk exposure and sufficient seniority to take decisions affecting its risk exposure, and need not be a member of the management body; ''shell institution'' means an institution carrying out activities equivalent to relevant financial business, incorporated in a jurisdiction in which it has no physical presence, involving meaningful mind and management, and which is not affiliated with a
B 2706 regulated financial group; ''subject person'' means any legal or natural person carrying out either relevant financial business or relevant activity; ''supervisory authority'' means (a) (b) the Central Bank of Malta; the Malta Financial Services Authority; Cap. 386 Cap. 438 Cap. 400 Cap. 281 Cap. 9 (c) the Registrar of Companies acting under articles 403 to 423 of the Companies Act; (d) the Malta Gaming Authority acting under the Lotteries and Other Games Act and the Gaming Act, and any regulations issued thereunder; (e) the Quality Assurance Oversight Committee appointed by the Accountancy Board under the Accountancy Profession Act; ''terrorism'' means any act of terrorism as defined in article 328A of the Criminal Code; ''trust and company service provider'' means any natural or legal person who: Cap. 331 Cap. 529 (a) provides trustee or other fiduciary services, whether authorised or otherwise, in terms of the Trusts and Trustees Act, other than persons acting as trustees in terms of article 43A of the said Act; (b) acts as a company service provider, whether registered or notified, in terms of the Company Service Providers Act; (c) arranges, by way of business, for another person to act as a trustee of an express trust or a similar legal arrangement; Cap. 345 (d) arranges, by way of business, for another person to act as a fiduciary shareholder for another person other than a company listed on regulated market that is subject to disclosure requirements in conformity with the Financial Markets Act or subject to equivalent international standards. (2) Where these regulations are extended to professions and other categories of undertakings other than those referred to in this
B 2707 regulation and whose activities are particularly likely to be used for the purposes of money laundering or the funding of terrorism, these regulations shall apply in full or in part as may be established by such extension in accordance with the provisions of the Act, and the Financial Intelligence Analysis Unit shall inform the European Commission accordingly. (3) The Financial Intelligence Analysis Unit, in conjunction with the relevant supervisory authority, may require entities issuing electronic money or providing payment services whose head office is situated in another Member State, and that are established in Malta in forms other than a branch, to appoint a central contact point in Malta to ensure on behalf of the appointing entity compliance with these regulations and to facilitate the monitoring of such compliance, including by providing the Financial Intelligence Analysis Unit and supervisory authorities with information and documents upon request. (4) These regulations shall also apply where any relevant financial business or any relevant activity as defined in this regulation is undertaken or performed through the Internet or other electronic means. (5) The Financial Intelligence Analysis Unit shall cooperate with the European Supervisory Authorities for the purposes of Directive (EU) 2015/849 and it shall provide the European Supervisory Authorities with any information which is necessary to carry out their duties under Directive (EU) 2015/849 and under Regulation (EU) No 1093/2010, Regulation (EU) No 1094/2010 and Regulation (EU) No 1095/ 2010. 3. (1) The Financial Intelligence Analysis Unit, in conjunction with the relevant supervisory authority may, following an appropriate risk assessment, determine that these regulations are not to apply, in whole or in part, to specific gaming services on the basis of proven low risk of money laundering and funding of terrorism posed by the nature and, where appropriate, the scale of operations of such services. (2) Any exemption in terms of sub-regulation (1) shall be revoked if the Financial Intelligence Analysis Unit, in conjunction with the relevant supervisory authority, determines that the risk of money laundering or funding of terrorism posed by such gaming services can no longer be considered as low. (3) Any exemption or revocation in terms of this regulation shall be communicated to the European Commission. Specific gaming services.
B 2708 (4) The provisions of sub-regulation (1) shall not be applicable to casinos and/or to any casino type games provided via electronic means of distance communication. Relevant financial business on an occasional or very limited basis. 4. (1) The Financial Intelligence Analysis Unit may determine that legal and natural persons who engage in a financial activity on an occasional or very limited basis and where there is little risk of money laundering or the funding of terrorism occurring, are not to be considered as subject persons for the purposes of these regulations. (2) For the purpose of reaching a determination under subregulation (1) the Financial Intelligence Analysis Unit shall consider a legal or natural person to be engaging in a financial activity on an occasional or very limited basis where all of the following criteria are met: (a) the total annual turnover of the financial activity does not exceed fifteen thousand euro ( 15,000), and the Financial Intelligence Analysis Unit may establish different thresholds not exceeding this amount depending on the type of financial activity; (b) each transaction per customer does not exceed five hundred euro ( 500) whether the transaction is carried out in a single operation or in several operations which appear to be linked, and the Financial Intelligence Analysis Unit may establish different thresholds not exceeding this amount depending on the type of financial activity; (c) the financial activity is not the main activity and in absolute terms does not exceed five per centum (5%) of the total turnover of the legal or natural person concerned; (d) the financial activity is ancillary and directly related to the main activity; (e) the main activity is not an activity falling within the definition "relevant financial business" or "relevant activity"; and (f) the financial activity is provided only to the customers of the main activity and is not generally offered to the public: Provided that in making a determination under subregulation (1) in relation to a person who engages in the remittance and transfer of money, the Financial Intelligence
B 2709 Analysis Unit shall only consider the criteria set out in paragraphs (b) to (f). (3) In assessing the risk of money laundering or the funding of terrorism for the purposes of sub-regulation (1), the Financial Intelligence Analysis Unit shall pay particular attention to, and examine any financial activity which is particularly likely, by its very nature, to be used or abused for money laundering or the funding of terrorism and the Financial Intelligence Analysis Unit shall not consider that financial activity as representing a low risk of money laundering or funding of terrorism if the information available suggests otherwise. (4) In making a determination under sub-regulation (1) the Financial Intelligence Analysis Unit shall further state the reasons underlying the decision and shall revoke such determination should circumstances change. (5) The Financial Intelligence Analysis Unit shall establish risk-based monitoring mechanisms or other adequate measures as is practicable to ensure that determinations under sub-regulation (1) are not abused for money laundering or the funding of terrorism. (6) The Financial Intelligence Analysis Unit shall inform the European Commission accordingly of any determination made under sub-regulation (1) or its subsequent revocation under sub-regulation (4). 5. (1) Every subject person shall take appropriate steps, proportionate to the nature and size of its business, to identify and assess the risks of money laundering and funding of terrorism that arise out of its activities or business, taking into account risk factors including those relating to customers, countries or geographical areas, products, services, transactions and delivery channels and shall furthermore take into consideration any national or supranational risk assessments relating to risks of money laundering and the funding of terrorism. (2) Where the Financial Intelligence Analysis Unit considers the risk of money laundering and the funding of terrorism inherent in any particular relevant activity or relevant financial business to be clear and understood, it may exempt subject persons carrying out such relevant activity or relevant financial business from the obligation to perform a risk assessment under sub-regulation (1). (3) The risk assessment referred to in sub-regulation (1) shall be properly documented, and shall be made available to the Financial Riskassessment.
B 2710 Intelligence Analysis Unit and any other relevant supervisory authority upon demand. (4) Subject persons shall ensure that the risk assessment carried out in terms of sub-regulation (1) is regularly reviewed and kept up-to-date. (5) Every subject person shall: (a) have in place and implement the following measures, policies, controls and procedures, proportionate to the nature and size of its business, which address the risks identified as a result of the risk assessment referred to in sub-regulation (1): (i) customer due diligence measures, recordkeeping procedures and reporting procedures; (ii) risk management measures including customer acceptance policies, internal control, compliance management, communications, employee screening policies and procedures; (b) take appropriate and proportionate measures from time to time for the purpose of making employees aware of (i) the measures, policies, controls and procedures under the provisions of paragraph (a) and any other relevant policies that are maintained by the subject person; and Cap. 373. Cap. 9 (ii) the provisions of the Prevention of Money Laundering Act and of these regulations; of the Sub-Title IV A "Of Acts of Terrorism, Funding of Terrorism and Ancillary Offences" of Title IX of Part II of Book First of the Criminal Code; and of data protection requirements; (c) appoint, where appropriate with regard to the nature and size of the business, an officer at management level whose duties shall include the monitoring of the day-to-day implementation of the measures, policies, controls and procedures adopted under this regulation; (d) implement, where appropriate with regard to the size and nature of the business, an independent audit function to test the internal measures, policies, controls and procedures; (e) provide employees from time to time with training
B 2711 in the recognition and handling of operations and transactions which may be related to proceeds of criminal activity, money laundering or the funding of terrorism; (f) monitor and where appropriate enhance the measures, policies, controls and procedures adopted to better achieve their intended purpose. (6) To the extent that it may be applicable, any measures, policies, controls, procedures and changes thereto shall be adopted and implemented following senior management approval, and, where applicable, the management board of the subject person may identify one of its members who is to be responsible for the implementation of these measures, policies, controls and procedures. (7) In this regulation, the term ''employees'' means those employees whose duties include the handling of either relevant financial business or relevant activity. (8) Where a natural person undertakes any of the professional activities as defined under relevant activity in regulation 2 as an employee of a legal person, the obligations under this regulation shall apply to that legal person. 6. (1) Subject persons that are part of a group shall be required to implement group-wide policies and procedures that include the measures established under regulation 5(5), as well as policies and procedures on data protection and the sharing of information within the group for the prevention of money laundering and the funding of terrorism. These policies and procedures shall be implemented effectively at the level of branches and majority-owned subsidiaries in Member States and third countries. (2) Subject persons having branches or majority-owned subsidiaries established in another Member State shall ensure that those branches or majority-owned subsidiaries comply with the national provisions of that Member State, transposing the provisions of Directive (EU) 2015/849. (3) Subject persons having branches or majority-owned subsidiaries established in third countries where the anti-money laundering and counter-funding of terrorism measures are less stringent than those under these regulations shall ensure that those branches or majority-owned subsidiaries implement the provisions of these regulations in so far as that third country s legislation permits the implementation of such provisions. (4) Where subject persons have branches or majority-owned Group-wide policies and procedures.
B 2712 subsidiaries established in third countries, and the legislation of such third countries does not permit the implementation of the policies and procedures under sub-regulation (1), subject persons shall ensure that those branches and majority-owned subsidiaries apply additional measures to effectively handle the risk of money laundering and funding of terrorism and shall immediately inform the Financial Intelligence Analysis Unit about these circumstances and the measures taken: Provided that where the additional measures are not adequate, the Financial Intelligence Analysis Unit shall, in collaboration with any relevant supervisory authority, exercise additional supervisory actions, including requiring those subject persons not to establish or to terminate existent business relationships and not to undertake transactions and, where necessary require those subject persons to close down their operations in the third country. (5) Where the Financial Intelligence Analysis Unit is in possession of information in accordance with sub-regulation (4) it shall, where applicable, inform the relevant supervisory authority, the relevant supervisory authorities of the other Member States, and the European Supervisory Authorities. (6) In fulfilling their obligations under sub-regulation (4), subject persons carrying out relevant financial business shall comply with any regulatory technical standards developed by the European Supervisory Authorities in accordance with Article 45(6) of Directive (EU) 2015/849 which may be adopted by the European Commission setting out the minimum action to be taken. Customer due diligence. 7. (1) Customer due diligence measures shall consist in: (a) the identification of the customer, and the verification of the identity of the customer on the basis of documents, data or information obtained from a reliable and independent source: Provided that where the customer is a body corporate, a body of persons, or any other form of legal entity or arrangement, subject persons shall also verify the legal status of the customer and shall also identify all directors and, where the customer does not have directors, all such other persons vested with its administration and representation; (b) the identification, where applicable, of the beneficial owners, and the taking of reasonable measures to verify their identity so that the subject person is satisfied of
B 2713 knowing who the beneficial owners are, including, in the case of a body corporate, foundations, trusts and similar legal arrangements, the taking of reasonable measures to understand the ownership and control structure of the customer; (c) assessing and, as appropriate, obtaining information on the purpose and intended nature of the business relationship, and establishing the business and risk profile of the customer; (d) conducting ongoing monitoring of the business relationship. (2) The ongoing monitoring of a business relationship for the purposes of sub-regulation (1) shall consist in: (a) the scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions being undertaken are consistent with the subject person s knowledge of the customer and of his business and risk profile, including, where necessary, the source of funds; and (b) ensuring that the documents, data or information held by the subject person are kept up-to-date. (3) Where a person purports to act on behalf of a customer, in addition to identifying and verifying the identity of the customer and, where applicable, the beneficial owner, subject persons shall ensure that such person is duly authorised in writing to act on behalf of the customer and shall identify and verify the identity of that person. (4) Subject persons shall not keep anonymous accounts or accounts in fictitious names. (5) Without prejudice to the provisions of regulation 8, customer due diligence measures shall be applied to all customers when: (a) (b) establishing a business relationship; carrying out an occasional transaction; and (c) the subject person has knowledge or suspicion of proceeds of criminal activity, money laundering or the funding of terrorism, regardless of any derogation, exemption or threshold. (6) Customer due diligence measures under this regulation
B 2714 shall also be applied, at appropriate times, to existing customers on a risk-sensitive basis, including at times when the subject person becomes aware that the relevant circumstances surrounding a business relationship have changed. (7) Customer due diligence measures under these regulations shall be repeated whenever, in relation to a business relationship, doubts arise about the veracity or adequacy of the previously obtained customer identification information. (8) The extent of the customer due diligence measures shall be commensurate to the risks of money laundering and funding of terrorism identified through the risk assessment carried out in terms of regulation 5(1) and may vary from case to case. (9) Subject persons providing long-term insurance business shall, in addition to identifying and verifying the identity of the customer and, where applicable, the beneficial owner in terms of subregulations (1)(a) and (b), carry out the following customer due diligence measures on the beneficiaries of long-term insurance policies: (a) where the beneficiaries are specifically named natural persons, legal entities or arrangements, subject persons shall identify such beneficiaries; (b) where the beneficiaries are designated by characteristics, class or other means, subject persons shall obtain sufficient information concerning those beneficiaries to be able to identify them at the time of payout; (c) where the beneficiaries assign any of their rights vested under the policy, subject persons shall, at the time of becoming aware of the assignment, identify the natural persons, legal entities or arrangements receiving for their own benefit the value of the policy assigned; (d) payout. verify the identity of the beneficiaries at the time of Cap. 376 (10) The Financial Intelligence Analysis Unit, with the concurrence of the relevant supervisory authority may, on the basis of an appropriate risk assessment which demonstrates a low risk of money laundering and funding of terrorism, exempt subject persons from the carrying out of customer due diligence measures under subregulations (1)(a) to (c) with respect to electronic money as defined under the Financial Institutions Act where all the following criteria are met:
B 2715 (a) the payment instrument is not reloadable, or has a maximum monthly payment transaction limit of two hundred fifty euro ( 250) which can be used only in Malta; (b) the maximum amount stored electronically does not exceed two hundred fifty euro ( 250), or five hundred euro ( 500) where the electronic device can be used only in Malta; (c) the payment instrument is used exclusively to purchase goods or services; (d) the payment instrument cannot be funded with anonymous electronic money; and (e) the issuer carries out sufficient monitoring of the transactions and the business relationship to enable the detection of unusual or suspicious transactions: Provided that this exemption shall not be applied in the case of redemption in cash or cash withdrawals of the monetary value stored on the payment instrument where the amount redeemed or withdrawn would exceed one hundred euro ( 100). (11) A customer, or any person purporting to act on his behalf, who makes a false declaration or a false representation or who produces false documentation for the purposes of this regulation shall be guilty of an offence and shall be liable, on conviction, to a fine (multa) not exceeding fifty thousand euro ( 50,000) or to imprisonment for a term not exceeding two years or to both such fine and imprisonment. (12) Subject persons carrying out relevant financial business involving the transfer of funds shall comply with the provisions of Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006. 8. (1) Subject persons shall verify the identity of the customer and, where applicable, the identity of the beneficial owner, before the establishment of a business relationship or the carrying out of an occasional transaction. (2) Notwithstanding the provisions of sub-regulation (1), subject persons may complete the verification after the establishment of a business relationship where this is necessary so as not to interrupt the normal conduct of business provided that the risk of money laundering or the funding of terrorism is low and, provided further, Verification of identification.
B 2716 that the verification procedures be completed as soon as is reasonably practicable after the establishment of the business relationship. (3) Notwithstanding the provisions of sub-regulations (1) and (2), subject persons carrying out relevant financial business may open an account, including accounts that permit transactions in transferable securities, as may be required by the customer provided that adequate safeguards are put in place to ensure that no transactions are carried out through the account until the verification procedures in accordance with sub-regulation (1) have been satisfactorily completed. (4) Where the beneficiaries of a trust, legal entity or arrangement are designated by particular characteristics or class, the subject person shall identify and verify the identity of the beneficiaries at the time of payout or at the time the beneficiaries exercise their vested rights: Provided that, before the establishment of a business relationship or the carrying out of an occasional transaction, the subject person shall obtain sufficient information concerning the beneficiaries to be able to identify and verify their identity at the time of payout or at the time the beneficiaries seek to exercise their vested rights. (5) Where a subject person is unable to comply with regulation 7(1)(a), (b) and (c), the customer due diligence procedures shall require that subject person not to carry out any transaction through the account, not to establish the business relationship nor carry out any occasional transaction, and to terminate any business relationship and to consider disclosing that information in accordance with regulation 15(3) to the Financial Intelligence Analysis Unit: Provided that, where to refrain in such manner is impossible or is likely to frustrate efforts of investigating a suspected money laundering or funding of terrorism operation that business shall proceed on condition that a disclosure is immediately lodged with the Financial Intelligence Analysis Unit in accordance with regulation 15(3): Provided further that subject persons carrying out a relevant activity under paragraph (a) or paragraph (c) of the definition ''relevant activity'' shall not be bound by the provisions of this subregulation if those subject persons are acting in the course of ascertaining the legal position of their client or performing their responsibilities of defending or representing that client in, or concerning, judicial procedures, including providing advice on
B 2717 instituting or avoiding procedures. (6) Without prejudice to sub-regulation (5), a subject person who is in possession of funds of a customer or a potential customer and who pursuant to sub-regulation (5) decides to terminate or not to establish a business relationship, or not to carry out an occasional transaction and to return, release or transfer those funds, shall as far as reasonably possible return those funds to the same source from where they originated and through the same financial channels by which the subject person came into possession of the funds, unless an order has been made or a notice has been issued in terms of the Act or these regulations prohibiting the release of such funds. 9. (1) Notwithstanding the provisions of regulation 8(1) and without prejudice to the provisions of regulation 7(5)(c), casino and gaming licensees shall apply customer due diligence measures when carrying out transactions that amount to or exceed two thousand euro ( 2,000) or more, whether carried out within the context of a business relationship or otherwise. (2) In addition to complying with the provisions of subregulation (1) and regulation 8, a casino licensee shall: Additional provisions on customer due diligence for casino and gaming licensees. (a) not allow any person to enter the casino unless such person has been satisfactorily identified pursuant to the provisions of the Gaming Act; Cap. 400 (b) ensure that the particulars relating to the identity of a person exchanging chips or tokens to the value of two thousand euro ( 2,000) or more is matched with, and cross referred to, the particulars relating to the identity of the person exchanging cash, cheques or bank drafts, or making a credit or debit card payment in exchange for chips or tokens, and shall further ensure that chips or tokens are derived from winnings made whilst playing a game or games at the casino; and (c) ensure that the provisions of paragraph (b) are also applied in cases where in any one gaming session a person carries out transactions which are individually for an amount of less than two thousand euro ( 2,000) but which in aggregate equal or exceed such amount. 10. (1) Simplified customer due diligence may be applied: (a) in relation to activities or services that are determined by the Financial Intelligence Analysis Unit to represent a low risk of money laundering and funding of terrorism, having taken into consideration the findings of any Simplified customer due diligence.
B 2718 national risk assessment and any other relevant factors as may be deemed appropriate; or (b) where, on the basis of the risk assessment carried out in accordance with regulation 5(1), the subject person determines that any occasional transaction or a business relationship represents a low risk of money laundering and funding of terrorism. (2) Simplified customer due diligence shall not constitute an exemption from all customer due diligence measures as envisaged under regulation 7(1), but subject persons may determine the applicability and extent thereof in a manner that is commensurate to the low risk identified: Provided that subject persons shall carry out sufficient ongoing monitoring in terms of regulation 7(2)(a) to be able to detect unusual and suspicious transactions. (3) Nothing contained in this regulation shall apply where the subject person has knowledge or suspicion of proceeds of criminal activity, money laundering or the funding of terrorism. Enhanced customer due diligence. 11. (1) In addition to the requirements under regulation 7, subject persons shall apply enhanced customer due diligence measures in the following situations: (a) in relation to activities or services that are determined by the Financial Intelligence Analysis Unit to represent a high risk of money laundering or funding of terrorism, having taken into consideration the findings of any national risk assessment and any other relevant factors as may be deemed appropriate; (b) where, on the basis of the risk assessment carried out in accordance with regulation 5(1), the subject person determines that an occasional transaction, a business relationship or any transaction represents a high risk of money laundering or funding of terrorism; (c) when dealing with natural or legal persons established in a non-reputable jurisdiction as defined in regulation 2, other than branches or majority-owned subsidiaries which comply with group-wide policies and procedures as required under regulation 6 in which cases enhanced due diligence measures shall be applied where there is a high risk of money laundering or funding of terrorism; and
B 2719 (d) in the cases referred to in sub-regulations (3) to (9). (2) Subject persons shall ensure that the enhanced customer due diligence measures applied in the cases referred to in paragraphs (a) to (c) of sub-regulation (1) are appropriate to manage and mitigate the high risk of money laundering or funding of terrorism. Provided that when undertaking occasional transactions for, or establishing a business relationships, or acting in the course of a business relationship with a natural or legal person established in a jurisdiction as is referred to in sub-regulation (1)(c) in respect of which there has been an international call for counter-measures, subject persons shall inform the Financial Intelligence Analysis Unit which may, in collaboration with the relevant supervisory authority, require a business relationship not to continue or a transaction not to be undertaken or apply any other counter-measure as may be adequate under the respective circumstances. (3) With respect to correspondent relationships with institutions from a country other than a Member State, subject persons shall ensure that (a) they gather sufficient information about the respondent institution to understand fully the nature of the respondent s business and to determine from publicly available information the reputation of the institution and the quality of supervision on that institution; (b) they assess the adequacy and effectiveness of the respondent institution s measures, policies, controls and procedures for the prevention of money laundering and the funding of terrorism; (c) the prior approval of senior management for the establishment of new correspondent relationships is obtained; (d) they document the respective responsibilities of each institution for the prevention of money laundering and the funding of terrorism; (e) with respect to payable-through accounts, they are satisfied that the respondent institution has verified the identity of and performed on-going due diligence on the customers having direct access to the accounts of the respondent institution and that they are provided with relevant customer due diligence data upon request.
B 2720 (4) Subject persons carrying out relevant financial business shall (a) not enter into, or continue, a correspondent relationship with a shell institution; (b) take appropriate measures to ensure that they do not enter into, or continue, a correspondent relationship with a respondent institution which is known to permit its accounts to be used by a shell institution. (5) Subject persons shall ensure that the risk management procedures maintained in accordance with regulation 5(5)(a) are conducive to determine whether a customer or a beneficial owner is a politically exposed person, and when undertaking occasional transactions for, or establishing or continuing business relationships with politically exposed persons shall:- (a) require the approval of senior management; (b) take adequate measures to establish the source of wealth and source of funds; and (c) conduct enhanced ongoing monitoring of such business relationships. (6) In addition to the requirements under sub-regulation (5), in case of long-term insurance business subject persons shall take reasonable measures to determine whether the beneficiaries of a policy and, where applicable, the beneficial owner of the beneficiary are politically exposed persons, which measures shall be taken no later than the time of payout or the time of the assignment, in whole or in part, of the policy: Provided that where the beneficiaries of the policy or, where applicable, the beneficial owner of the beneficiary are politically exposed persons, subject persons shall inform senior management before proceeding with the payout under the policy and shall conduct enhanced scrutiny of the entire business relationship with the policy holder. (7) Without prejudice to the application of enhanced customer due diligence measures on a risk sensitive basis, where a politically exposed person is no longer entrusted with a prominent public function, subject persons shall be required to apply enhanced due diligence measures in accordance with sub-regulations (5) and (6) for at least twelve months after the date on which that person ceased to be
B 2721 entrusted with a prominent public function. (8) Sub-regulations (5) and (6) shall also be applicable to family members or persons known to be close associates of politically exposed persons, and, for the purposes of this sub-regulation: "family members" includes: (i) the spouse, or a person considered to be equivalent to a spouse; (ii) the children and their spouses, or persons considered to be equivalent to a spouse; and (iii) the parents. "persons known to be close associates" means: (i) a natural person known to have joint beneficial ownership of a body corporate or any other form of legal arrangement, or any other close business relations, with that politically exposed person; (ii) a natural person who has sole beneficial ownership of a body corporate or any other form of legal arrangement that is known to have been established for the benefit of that politically exposed person. (9) Subject persons shall, as far as reasonably possible, examine the purpose and background of all complex and unusually large transactions and all unusual patterns of transactions, which have no apparent economic or lawful purpose and shall in such cases increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities are suspicious in terms of regulation 15(3). 12. (1) Subject persons may rely on another subject person or a third party to fulfil the customer due diligence requirements provided for under regulation 7(1)(a) to (c), with the subject person placing reliance remaining ultimately responsible for compliance with those requirements. (2) For the purposes of this regulation "third party" shall mean any person or institution, including member organisations or representative bodies of such person or institution, situated in a Member State other than Malta or a third country that: Reliance on performance by other subject persons or third parties. (a) apply customer due diligence requirements and